(54) NETWORK SYSTEM AND ITS USER AUTHENTICATING METHOD

(57) Abstract: 

PROBLEM TO BE SOLVED: To simplify the connection from a client to individual
server applications by managing the connections in a unified manner and, in
addition, to make the setting and management of user information efficient
in a network environment.

SOLUTION: In a system composed of at least one server computer (10 and 20)
which provides a server application and at least one client 40 which is
connected to the server computer through a network environment and uses the
server application, a personal information management server 30 is provided.
It has a personal information management table 31, provided for every client,
on which the user authentication information of the client is registered for
every server application, and a user authenticating means which performs user
authentication to the server that provides the server application instead of
the client, based on the user authentication information registered on the
table 31.
[Claim(s)]

[Claim 1] A network system consisting of at least one server computer which offers a server application and at least one client which
connects with this server computer through a network environment and uses said server application, characterized by providing a
personal-information-management server having: a personal-information-management table, prepared for every said client, in which
the user authentication information of that client is registered for every said server application; and a user authentication means
to perform user authentication to said server which offers said server application, instead of said client, based on said user
authentication information registered in this personal-information-management table.

[Claim 2] The network system according to claim 1, characterized in that flag information is registered in said
personal-information-management table, and said user authentication means performs user authentication to said server which offers
said server application instead of said client based on this flag information.

[Claim 3] The network system according to claim 1, characterized in that additional information which specifies the function which
said server application starts or the database which it uses is registered in said personal-information-management table, and said
personal-information-management server has a starting means to start the function or database specified by said additional
information after carrying out user authentication.

[Claim 4] The network system according to claim 1, characterized in that user authentication information is enciphered and
registered in said personal-information-management table.

[Claim 5] The network system according to claim 4, characterized in that the user authentication information is enciphered and
registered in said personal-information-management table using a different encryption means or a different cryptographic key for
every piece of that information.

[Claim 6] The network system according to claim 1, 2 or 3, characterized in that said client has a means to register information in
said personal-information-management table.

[Claim 7] The network system according to claim 6, characterized in that said client transmits enciphered user authentication
information to said personal-information-management server in order to register user authentication information in said
personal-information-management table.

[Claim 8] A user authentication method in a network system consisting of at least one server computer which offers a server
application and at least one client which connects with this server computer through a network environment and uses said server
application, characterized in that a personal-information-management table, prepared for every said client, in which the user
authentication information of that client is registered for every said server application, is provided, and user authentication is
carried out to said server which offers said server application instead of said client based on said user authentication
information registered in this personal-information-management table.

[Claim 9] The user authentication method in the network system according to claim 8, characterized in that flag information is
registered in said personal-information-management table, and user authentication is performed to said server which offers said
server application instead of said client based on this flag information.

[Claim 10] The network system according to claim 8, characterized in that additional information which specifies the function which
said server application starts or the database which it uses is registered in said personal-information-management table, and the
function or database specified by said additional information is started after carrying out user authentication.

[Claim 11] The user authentication method in the network system according to claim 8, characterized in that user authentication
information is enciphered and registered in said personal-information-management table.

[Claim 12] The user authentication method in the network system according to claim 8, characterized in that the user authentication
information is enciphered and registered in said personal-information-management table using a different encryption means or a
different cryptographic key for every piece of that information.

[Claim 13] The user authentication method in the network system according to claim 8, characterized in that said client registers
user authentication information in said personal-information-management table.

[Claim 14] The user authentication method in the network system according to claim 13, characterized in that said client transmits
enciphered user authentication information to said personal-information-management server in order to register user authentication
information in said personal-information-management table.
[Detailed Description of the Invention]
[0001] 

[Field of the Invention] This invention relates to a network system, and to a user authentication method in the network system,
which perform in a batch the user authentication for a client's connection to servers having various server applications in the
network system.
[0002] 

[Description of the Prior Art] Conventionally, when various server applications (services) which are managed in a network and
provided to users, such as an electronic mail system, a groupware system, and a print server, were used from a client computer or a
terminal through a LAN or through a mobile environment via the public line network, the user first connected with (logged in to)
the network and then connected with (logged in to) the various server applications to be used. That is, when connecting with a
network, user authentication by input of a user ID and a password is required. Moreover, when connecting with server applications
after that, user authentication was required whenever the user connected with each server application. Moreover, the user
information required for such user authentication was managed in each server application as data (a file).
[0003] 

[Problem(s) to be Solved by the Invention] As mentioned above, when using the various server applications in a network from a
client computer or a terminal, user authentication was conventionally required for the connection to the network and again whenever
connecting with each server application, and the connection procedure was complicated. Moreover, the user information required for
user authentication was also managed separately, and there was a problem that setting and managing it took a great deal of time and
effort.

[0004] This invention was made in order to solve such conventional problems, and it aims at unified management of the connections
with each server application in a network environment, thereby simplifying connection and making the setting and management of
user information more efficient.
[0005] 

[Means for Solving the Problem] This invention is a system consisting of at least one server computer which offers a server
application and at least one client which connects with this server computer through a network environment and uses said server
application, characterized by providing a personal-information-management server having a personal-information-management table,
prepared for every said client, in which the user authentication information of that client is registered for every said server
application, and a user authentication means to perform user authentication to said server which offers said server application,
instead of said client, based on said user authentication information registered in this personal-information-management table.
[0006] According to such a configuration, user authentication to two or more server computers which offer server applications can
be carried out in a batch. Moreover, this invention is characterized in that flag information is registered in said
personal-information-management table, and said user authentication means performs user authentication to said server which offers
said server application instead of said client based on this flag information.

[0007] According to such a configuration, user authentication can be carried out to the server computer which offers the server
application specified by the flag. Moreover, this invention is characterized in that additional information which specifies the
function which said server application starts or the database which it uses is registered in said personal-information-management
table, and said personal-information-management server has a starting means to start the function or database specified by said
additional information after carrying out user authentication.

[0008] According to such a configuration, after carrying out user authentication, the function or database specified by the
additional information can be started. Moreover, this invention is characterized in that user authentication information is
enciphered and registered in said personal-information-management table.

[0009] With such a configuration, theft and eavesdropping of the user authentication information registered in the
personal-information-management table are prevented, and security can be ensured. Moreover, this invention is characterized in that
the user authentication information is enciphered and registered in said personal-information-management table using a different
encryption means or a different cryptographic key for every piece of that information.

[0010] With such a configuration, theft and eavesdropping of the user authentication information registered in the
personal-information-management table are prevented, and security can be further ensured. Moreover, this invention is characterized
in that said client has a means to register user authentication information in said personal-information-management table.

[0011] With such a configuration, batch user authentication to two or more server computers which offer server applications can be
carried out based on the user's own intention. Moreover, this invention is characterized in that said client transmits enciphered
user authentication information to said personal-information-management server in order to register user authentication information
in said personal-information-management table.

[0012] With such a configuration, when user authentication information is transmitted over the network so that said client can
register it in said personal-information-management table, theft and eavesdropping of the user authentication information are
prevented, and security can be further ensured.
[0013] 

[Embodiment of the Invention] Hereafter, one embodiment of this invention is explained in detail using the drawings. Drawing 1 is
the system chart showing one embodiment of this invention. Reference numeral 50 denotes a LAN (Local Area Network). The server A10,
the server B20, the personal-information-management server 30, and the client 40 are each connected to this LAN 50.

[0014] The server A10 is a server computer which provides a client computer with an electronic mail function as a server
application. The server B20 is a server computer which provides a client computer with a groupware function as a server
application. The client 40 is a client computer which connects with the network through the LAN 50 and uses the functions of the
server applications which the server A10 and the server B20 offer.

[0015] The personal-information-management server 30 is a server computer with the function to manage the personal information of
the users of all the client computers connected to the LAN 50, and to execute the user authentication procedure of each server by
proxy instead of a client computer. This personal-information-management server 30 has two or more personal-information-management
tables in which the personal information of each user is registered, corresponding to all the client computers connected to the
LAN 50.
[0016] The detail of the personal-information-management table 31 is illustrated in drawing 2. In drawing 2, only the table in
which the personal information corresponding to the client 40 is registered is illustrated. The user name "SUZUKI" and the password
"AZB YCX" are registered for this personal-information-management table 31, and authentication with this registered user name and
password is required when the table is accessed. This personal-information-management table 31 consists of five items: service
name 31a, user ID 31b, password 31c, information A 31d, and information B 31e.

[0017] "Electronic mail", which indicates the server application which the server A10 offers, and "groupware", which indicates the
server application which the server B20 offers, are registered in the item of service name 31a.

[0018] The user ID and the password which are used for user authentication when the client 40 connects with the server which offers
the function shown by service name 31a are registered in the items of user ID 31b and password 31c. Corresponding to the service
name "electronic mail", "suzuki" is registered as the user ID and "password1" is registered as the password. Corresponding to the
service name "groupware", "suzuka" is registered as the user ID and "password2" is registered as the password.

[0019] An automatic authentication flag is registered in the information A 31d item. When "1" is registered as this automatic
authentication flag, the user authentication procedure is performed, instead of the client, to the server which offers the server
application specified by the corresponding service name, using the information for user authentication registered in the items of
user ID 31b and password 31c. When "0" is registered as this automatic authentication flag, the user authentication procedure is
not performed.
[0020] The item of information B 31e is information for specifying the database or function of the server application which is
used first by default when the client connects with the server which offers the server application specified by the corresponding
service name. Specifically, corresponding to the service name "electronic mail", the function "reference of reception mail" is
registered. Moreover, corresponding to the service name "groupware", the function "access of the conference room reservation DB" is
registered. Registration of data in each item of the personal-information-management table 31 of such a configuration is performed
from a client. Next, with reference to the flow chart illustrated in drawing 3, the operation of the batch user authentication
procedure is explained, which the personal-information-management server 30 performs instead of the client 40, when the client 40
is connected to the network, for connecting with two or more servers which exist on the network and offer server applications.

[0021] First, the client 40 sends the user name "SUZUKI" and the password "AZB YCX" to the personal-information-management server
30 and requests batch user authentication (step S1). Next, the personal-information-management server 30 compares the user name and
password received from the client 40 with the user name and password which are registered for the personal-information-management
table 31 corresponding to the client 40, and performs user authentication of the client 40 (step S2).
[0022] Processing is ended when this user authentication fails. When user authentication is successful, processing progresses to
step S3, and the personal-information-management server 30 performs, as follows, the batch user authentication procedure for
connecting with two or more servers which exist on the network and offer server applications, instead of the client 40. First, with
reference to the information A 31d item of the personal-information-management table 31, it checks the service names for which "1"
is registered as the automatic authentication flag. To the server which offers the server application corresponding to a service
name for which "1" is registered as this automatic authentication flag, the personal-information-management server 30 carries out
user authentication for that connection instead of the client 40, using the user ID registered in the item of user ID 31b and the
password registered in the item of password 31c. Specifically, since "1" is registered as the automatic authentication flag
corresponding to the service name "electronic mail", the personal-information-management server 30 carries out user authentication
to the server A10 using the user ID "suzuki" and the password "password1".

[0023] Next, when the user authentication to the server A10 is completed, the personal-information-management server 30 starts the
function "reference of reception mail" registered in the item of information B 31e (step S4). Then, the
personal-information-management server 30 notifies the client 40 of completion of the batch user authentication, passes access to
the server A10 to the client 40, and ends processing (step S5).
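
The batch authentication procedure of steps S1 to S5, with the table layout of drawing 2, as an added Python example that is not part of the patent text. The class and function names are hypothetical, the application servers are in-memory stand-ins, and the groupware flag value of 0 is an assumption, since the description gives only the e-mail flag.

```python
import hmac
from dataclasses import dataclass, field

def same(a: str, b: str) -> bool:
    """Constant-time string comparison for credentials."""
    return hmac.compare_digest(a.encode(), b.encode())

@dataclass
class Entry:                 # one row of table 31 (names are hypothetical)
    service: str             # 31a service name
    user_id: str             # 31b user ID
    password: str            # 31c password
    auto_auth: int           # 31d information A: automatic authentication flag
    default_fn: str          # 31e information B: function or database to start

@dataclass
class AppServer:             # stand-in for server A10 / server B20
    accounts: dict
    started: list = field(default_factory=list)

    def login(self, user_id: str, password: str) -> bool:
        expected = self.accounts.get(user_id)
        return expected is not None and same(expected, password)

class PIMServer:             # stand-in for personal-information-management server 30
    def __init__(self, tables: dict, servers: dict):
        self.tables = tables      # user name -> (table password, [Entry, ...])
        self.servers = servers    # service name -> AppServer

    def batch_authenticate(self, user: str, password: str):
        # S1/S2: the client authenticates once against its own table 31.
        table = self.tables.get(user)
        if table is None or not same(table[0], password):
            return None           # authentication failed: processing ends
        results = {}
        for e in table[1]:
            if e.auto_auth != 1:  # flag "0": no proxy authentication
                results[e.service] = "skipped"
                continue
            server = self.servers[e.service]
            # S3: log in to the application server in place of the client.
            if server.login(e.user_id, e.password):
                server.started.append(e.default_fn)   # S4: start default function
                results[e.service] = "connected"
            else:
                results[e.service] = "failed"
        return results            # S5: report completion to the client

# Constructed sample data using the values given in the description; the
# groupware flag of 0 is an assumption (the text only gives the e-mail flag).
MAIL = AppServer({"suzuki": "password1"})
GROUPWARE = AppServer({"suzuka": "password2"})
PIM = PIMServer(
    tables={"SUZUKI": ("AZB YCX", [
        Entry("electronic mail", "suzuki", "password1", 1,
              "reference of reception mail"),
        Entry("groupware", "suzuka", "password2", 0,
              "access of the conference room reservation DB"),
    ])},
    servers={"electronic mail": MAIL, "groupware": GROUPWARE},
)

if __name__ == "__main__":
    print(PIM.batch_authenticate("SUZUKI", "AZB YCX"))
    print(MAIL.started, GROUPWARE.started)
```

The passwords are held in clear here to keep the flow visible; paragraph [0024] of the description calls for enciphering the information registered in each item of the table.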

[0024] As security countermeasures for user authentication, it is desirable to take the following two measures. The first is to
encipher the information registered in each item of the personal-information-management table 31. In order to strengthen security
further, it is more desirable to change the encryption method and the cryptographic key for every piece of information registered
in each item.
[0025] The second is to encipher the information when it is transmitted to the personal-information-management server 30 through
the LAN 50 in order for the client 40 to register information in each item of the personal-information-management table 31.

[0026] Although the embodiment explained above dealt with the case where the client is directly connected to the LAN, the invention
is not limited to this, and batch user authentication can similarly be performed for a client (terminal) placed in a mobile
environment connected to the LAN through a PPP connection or the like.
[0027] 

[Effect of the Invention] According to this invention, unified management of the connection with the network in a network
environment and of the connection with each server application can be attained, simplifying connection and making the setting and
management of user information more efficient.






3/25/04 4:05 PM 



http://www4.ipdl.jpo.go.jp/cgi-bin/tran_web_cgi_ejje







[Brief Description of the Drawings]
[Drawing 1] The system chart showing one embodiment of this invention.
[Drawing 2] Drawing showing the detail of the personal-information-management table 31.
[Drawing 3] Flow chart explaining the operation of the batch user authentication procedure.
[Description of Notations] 
10 .... Server A
20 .... Server B
30 .... Personal-Information-Management Server
31 .... Personal-Information-Management Table
31a .... Service name
31b .... User ID
31c .... Password
31d .... Information A
31e .... Information B
40 .... Client
50 .... LAN
DRAWINGS
[Drawing 1]
[Drawing 2]
[Drawing 3]